Multiple buffer overflow vulnerabilities when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
References
| Link | Resource |
|---|---|
| https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-image | Vendor Advisory |
Configurations
History
23 Feb 2024, 19:37
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*:* | |
| First Time |
Esri arcgis Server
|
30 Mar 2021, 17:21
| Type | Values Removed | Values Added |
|---|---|---|
| References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-server-imageĀ - Vendor Advisory | |
| CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 6.8 |
| CWE | CWE-120 | |
| CPE | cpe:2.3:a:esri:arcgis:*:*:*:*:*:*:*:* |
25 Mar 2021, 21:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2021-03-25 21:15
Updated : 2024-02-23 19:37
NVD link : CVE-2021-29094
Mitre link : CVE-2021-29094
CVE.ORG link : CVE-2021-29094
JSON object : View
Products Affected
esri
- arcgis_server
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')